On Tue, Mar 27, 2012 at 03:17:06PM -0400, Simo Sorce wrote: > This patch fixes #2504, the logic to choose the client principal to use > was basically reversed, and we ended up using the wrong principal to > verify the PAC owner. > > This patch fixes it. Tested and s4u2proxy keeps working both with and > without a PAC attached. > > It also keeps working with normal TGS requests of course.
ACK, '--delegate' is not neede anymore. bye, Sumit > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel